package/libraw: security bump to version 0.21.4
Fixes the following security issues:
- CVE-2025-43961: metadata/tiff.cpp has an out-of-bounds read in the
Fujifilm 0xf00c tag parser.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43961
- https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2
- CVE-2025-43962: phase_one_correct in decoders/load_mfbacks.cpp has
out-of-bounds reads for tag 0x412 processing
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43962
- https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2
- CVE-2025-43963: phase_one_correct in decoders/load_mfbacks.cpp allows
out-of-buffer access
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43963
- https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964
- CVE-2025-43964: tag 0x412 processing in phase_one_correct in
decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43964
- https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0
For more details on the version bump, see the release notes:
- https://github.com/LibRaw/LibRaw/releases/tag/0.21.4
- https://github.com/LibRaw/LibRaw/releases/tag/0.21.3
- https://github.com/LibRaw/LibRaw/compare/0.21.2...0.21.4
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a4249a20243bb620d095a36e78d3722aa29f8da7)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Thomas Perale